OpenWrt – Blame information for rev 2
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
1 | office | 1 | From: Pablo Neira Ayuso <pablo@netfilter.org> |
2 | Date: Tue, 19 Dec 2017 13:53:45 +0100 |
||
3 | Subject: [PATCH] netfilter: nf_tables: remove nhooks field from struct |
||
4 | nft_af_info |
||
5 | |||
6 | We already validate the hook through bitmask, so this check is |
||
7 | superfluous. When removing this, this patch is also fixing a bug in the |
||
8 | new flowtable codebase, since ctx->afi points to the table family |
||
9 | instead of the netdev family which is where the flowtable is really |
||
10 | hooked in. |
||
11 | |||
12 | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
13 | --- |
||
14 | |||
15 | --- a/include/net/netfilter/nf_tables.h |
||
16 | +++ b/include/net/netfilter/nf_tables.h |
||
17 | @@ -968,7 +968,6 @@ enum nft_af_flags { |
||
18 | * |
||
19 | * @list: used internally |
||
20 | * @family: address family |
||
21 | - * @nhooks: number of hooks in this family |
||
22 | * @owner: module owner |
||
23 | * @tables: used internally |
||
24 | * @flags: family flags |
||
25 | @@ -976,7 +975,6 @@ enum nft_af_flags { |
||
26 | struct nft_af_info { |
||
27 | struct list_head list; |
||
28 | int family; |
||
29 | - unsigned int nhooks; |
||
30 | struct module *owner; |
||
31 | struct list_head tables; |
||
32 | u32 flags; |
||
33 | --- a/net/bridge/netfilter/nf_tables_bridge.c |
||
34 | +++ b/net/bridge/netfilter/nf_tables_bridge.c |
||
35 | @@ -44,7 +44,6 @@ nft_do_chain_bridge(void *priv, |
||
36 | |||
37 | static struct nft_af_info nft_af_bridge __read_mostly = { |
||
38 | .family = NFPROTO_BRIDGE, |
||
39 | - .nhooks = NF_BR_NUMHOOKS, |
||
40 | .owner = THIS_MODULE, |
||
41 | }; |
||
42 | |||
43 | --- a/net/ipv4/netfilter/nf_tables_arp.c |
||
44 | +++ b/net/ipv4/netfilter/nf_tables_arp.c |
||
45 | @@ -29,7 +29,6 @@ nft_do_chain_arp(void *priv, |
||
46 | |||
47 | static struct nft_af_info nft_af_arp __read_mostly = { |
||
48 | .family = NFPROTO_ARP, |
||
49 | - .nhooks = NF_ARP_NUMHOOKS, |
||
50 | .owner = THIS_MODULE, |
||
51 | }; |
||
52 | |||
53 | --- a/net/ipv4/netfilter/nf_tables_ipv4.c |
||
54 | +++ b/net/ipv4/netfilter/nf_tables_ipv4.c |
||
55 | @@ -32,7 +32,6 @@ static unsigned int nft_do_chain_ipv4(vo |
||
56 | |||
57 | static struct nft_af_info nft_af_ipv4 __read_mostly = { |
||
58 | .family = NFPROTO_IPV4, |
||
59 | - .nhooks = NF_INET_NUMHOOKS, |
||
60 | .owner = THIS_MODULE, |
||
61 | }; |
||
62 | |||
63 | --- a/net/ipv6/netfilter/nf_tables_ipv6.c |
||
64 | +++ b/net/ipv6/netfilter/nf_tables_ipv6.c |
||
65 | @@ -30,7 +30,6 @@ static unsigned int nft_do_chain_ipv6(vo |
||
66 | |||
67 | static struct nft_af_info nft_af_ipv6 __read_mostly = { |
||
68 | .family = NFPROTO_IPV6, |
||
69 | - .nhooks = NF_INET_NUMHOOKS, |
||
70 | .owner = THIS_MODULE, |
||
71 | }; |
||
72 | |||
73 | --- a/net/netfilter/nf_tables_api.c |
||
74 | +++ b/net/netfilter/nf_tables_api.c |
||
75 | @@ -1359,9 +1359,6 @@ static int nft_chain_parse_hook(struct n |
||
76 | return -EINVAL; |
||
77 | |||
78 | hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM])); |
||
79 | - if (hook->num >= afi->nhooks) |
||
80 | - return -EINVAL; |
||
81 | - |
||
82 | hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); |
||
83 | |||
84 | type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; |
||
85 | @@ -4981,7 +4978,7 @@ static int nf_tables_flowtable_parse_hoo |
||
86 | return -EINVAL; |
||
87 | |||
88 | hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM])); |
||
89 | - if (hooknum >= ctx->afi->nhooks) |
||
90 | + if (hooknum != NF_NETDEV_INGRESS) |
||
91 | return -EINVAL; |
||
92 | |||
93 | priority = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_PRIORITY])); |
||
94 | --- a/net/netfilter/nf_tables_inet.c |
||
95 | +++ b/net/netfilter/nf_tables_inet.c |
||
96 | @@ -40,7 +40,6 @@ static unsigned int nft_do_chain_inet(vo |
||
97 | |||
98 | static struct nft_af_info nft_af_inet __read_mostly = { |
||
99 | .family = NFPROTO_INET, |
||
100 | - .nhooks = NF_INET_NUMHOOKS, |
||
101 | .owner = THIS_MODULE, |
||
102 | }; |
||
103 | |||
104 | --- a/net/netfilter/nf_tables_netdev.c |
||
105 | +++ b/net/netfilter/nf_tables_netdev.c |
||
106 | @@ -40,7 +40,6 @@ nft_do_chain_netdev(void *priv, struct s |
||
107 | |||
108 | static struct nft_af_info nft_af_netdev __read_mostly = { |
||
109 | .family = NFPROTO_NETDEV, |
||
110 | - .nhooks = NF_NETDEV_NUMHOOKS, |
||
111 | .owner = THIS_MODULE, |
||
112 | .flags = NFT_AF_NEEDS_DEV, |
||
113 | }; |